Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

Remediation

References

CVE-2015-5335

Related Vulnerabilities

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.7)

Oracle HTTP Server CVE-2020-2545 Vulnerability (CVE-2020-2545)

Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)

WebLogic CVE-2023-22069 Vulnerability (CVE-2023-22069)

WordPress Plugin WordPress Video Player Multiple Vulnerabilities (1.5.4)

Severity

Medium

Classification

CVE-2015-5335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities